Passing an audit of your cloud infrastructure and processes is critical to the success of your business. If you don’t pass, you might lose existing or potential customers who are looking for specific credentials and accreditations. Additionally, you could be fined for not complying with certain regulatory requirements.
But preparing for an audit can be a big undertaking (some organizations have entire teams dedicated to ensuring they pass audits). It requires keeping documentation up to date, which is often time-consuming and can be difficult to maintain for companies that consistently change their cloud architecture.
Fortunately, there’s an efficient way to maintain documentation and prepare for audits: Lucidscale.
3 minute read
Want to make a cloud visualization of your own? Try Lucidscale. It's quick, easy, and completely free.
How to prepare for a cloud audit using Lucidscale
-
Import your architecture into the Data Hub
Navigate to the left-side panel in Lucidscale and select “Import Data'' to pull in cloud provider metadata and get an accurate picture of your current state. Lucidscale works with AWS, Azure, and GCP. For more detailed instructions, check out our Help Center on importing your data.
-
Create new model in Lucidscale
Auto-generate a model from your imported data. You’ll be able to apply filters, customize views, show connected resources, and more.
Create custom audit views that are auto-saved within your model by adding filters, lines, conditional formatting rules, text fields, and cloud provider metadata.
Use filters to remove or focus on specific resources and resource groups. Toggle lines on and off to verify that resources are connected the way they should be. When you create a new conditional formatting rule, Lucidscale will automatically evaluate all of the resources in your model to see if they match your conditional formatting criteria. Further customize your audit views by displaying relevant text and metadata.
-
Highlight items for later reference
If you find any issues with your existing infrastructure, you can highlight them or add an icon for later reference. You can also @mention someone on your build team to fix it.
-
Update your model regularly
Update your model periodically to keep your documentation accurate.
-
Embed your Lucidscale model
If you keep your documentation in one location such as Confluence, consider using the Lucidscale embed feature to embed your model. It will automatically reflect any changes to your infrastructure as long as you keep your Lucidscale model up to date.
Lucidscale cloud audit example
Lucidscale is a valuable compliance asset, whether used reactively or proactively. Architecture models can be given to auditors to prove compliance, and they can even be used as a regular internal compliance checklist.
For example, Informatica uses Lucidscale for FedRAMP compliance and other compliance models.
“One of the things that we do for FedRAMP is include architecture drawings and architecture models,” said Toby Foss, director of cloud network operations at Informatica. For FedRAMP, the models are less detailed but still informative.
Lucidscale models can work for multiple types of audits with various levels of details needed, and you can reuse your models for each audit.
“The idea is that we keep one set of documents and then each of these different compliance models, whether it’s FedRAMP, ISO, SOC 2, HIPAA, or whatever, include the same architecture drawings, so we’re not maintaining separate documents,” Foss said.
Maintaining architecture documents in a central location ensures compliance isn’t a point of friction or concern.
Preparing for an audit can be a cumbersome process, but it’s easier when you have a simple, repeatable process for updating and maintaining cloud architecture documentation.
Lucidscale automatically generates accurate cloud architecture diagrams—saving you hours of manual work and preparing your organization for future audits.